The maximum fragment length extension is optional, and many common implementations (including OpenSSL) do not support it. We must therefore be prepared to receive records of up to 16kB in length. The chance of an allocation of this size failing is non-negligible, so we must split received data into smaller allocations.